The Clop ransomware group has claimed responsibility for an attack on Symrise in which 500 GB of files were stolen and nearly 1,000 devices were encrypted. The attack forced Symrise to take its essential systems offline and halt production until it can determine how extensive the damage is. Clop told BleepingComputer that it carried out the attack and distributed the malware through simple phishing emails. As proof, Clop posted screenshots of the stolen data on its leak site, including passports, accounting documents, audit reports, confidential cosmetic ingredients, and emails. Symrise has yet to release an official statement on the incident.
Organizations should educate their employees on the risks of opening and interacting with phishing emails. Binary Defense also recommends a defense-in-depth strategy to defend against ransomware and other types of attacks, which involves pairing anti-virus with endpoint monitoring, among other measures. Binary Defense provides managed security services, including the Security Operations Task Force. Analysts within the Security Operations Center (SOC) monitor EDR and SIEM on a 24/7/365 basis and alert clients to any possible intrusions.